sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-08 05:57:51 +03:00
Code
132,660 Commits 62 Branches 1,150 Tags
Commit Graph

810 Commits

Author SHA1 Message Date
Rob van der Linde
dff87f051f netcmd: domain: move samba3upgrade command to domain/samba3upgrade.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
5986937d12 netcmd: domain: move provision command to domain/provision.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
49bc6a478b netcmd: domain: move paswordsettings command to domain/passwordsettings.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
8d4f6761b2 netcmd: domain: move level command to domain/level.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
e7ad2364a5 netcmd: domain: move leave command to domain/leave.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
12d5ea7f58 netcmd: domain: move keytab command to domain/keytab.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
8001e07746 netcmd: domain: move join command to domain/join.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
fefa5e74d1 netcmd: domain: move info command to domain/info.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
908f7ff553 netcmd: domain: move functional_prep command to domain/functional_prep.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
c22b8dc1c5 netcmd: domain: move demote command to domain/demote.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
72f6f7a79c netcmd: domain: move dcpromo command to domain/dcpromo.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
d26054d7da netcmd: domain: move classicupgrade command to domain/classicupgrade.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
6cecd7d08b netcmd: domain: move domain_backup.py to domain/backup.py 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
4d6a2b0167 netcmd: domain: fix unused imports 
Fix existing unused imports first, before splitting the file.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Rob van der Linde
2534aba94d netcmd: domain: turn domain.py into a module 
The domain.py file has become quite large at over 5000 lines, splitting it now before adding more sub commands.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-31 07:25:32 +00:00
Stefan Metzmacher
4bba26579d python:provision: run adprep as part of provision 
With the default of base_schema=2019 we'll adprep to 2016.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
f6d9f3760f samba-tool: let 'domain provision' to use the 2019 schema by default 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
90faa58e7f samba-tool: let 'domain schemaupgrade' to use the 2019 schema by default 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
245a8aaf41 samba-tool: let 'domain functionalprep' to use functional level 2016 by default 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
da74c3fde1 samba-tool: allow 'domain level raise' to support level 2016 
We don't support anything higher than 2008_R2 in Samba, but
it's possible to run this against a remove server too.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
c8f8efb31e forest_update: behave more like a Windows 2022 server 
It means we apply updates from 11-142 and list
all known updates. It turns out that update 53 is actually
update 54...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
7fe87d3c8d functional_prep: fix error handling in order to stop on the first error 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
65653bb02c schema_upgrade: add support for ntdsschemamodrdn and ntdsschemadelete 
They are used in newer schema uprades from Microsoft.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-22 22:10:32 +00:00
Stefan Metzmacher
6241380bc5 samba-tool: rewrite dsacl.py to use the new sd_utils helpers 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 22 15:57:15 UTC 2023 on atb-devel-224
 2023-03-22 15:57:15 +00:00
Andreas Schneider
4fa0242b9d python:netcmd: Decode return value of find_netbios() from bytes into string 
ERROR(<class 'TypeError'>): uncaught exception - replace() argument 1 must be
str, not bytes
  File "bin/python/samba/netcmd/__init__.py", line 230, in _run
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 966, in run
    if b1.diff(b2):
       ^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 790, in diff
    if object1 == object2:
       ^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 557, in __eq__
    return self.cmp_attrs(other)
           ^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 656, in cmp_attrs
    p = [self.fix_domain_netbios(j) for j in m]
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 656, in <listcomp>
    p = [self.fix_domain_netbios(j) for j in m]
         ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 542, in fix_domain_netbios
    res = res.replace(self.con.domain_netbios.lower(), self.con.domain_netbios.upper())
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

BUGS: https://bugzilla.samba.org/show_bug.cgi?id=15330

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-14 06:16:30 +00:00
David Mulder
bf6599fece samba-tool: Ensure modifying GPO increments GPT.INI vers 
When we modify a GPO, we must increment the
version number in the GPT.INI, otherwise client
machines won't process the update.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15327

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-03-09 18:10:33 +00:00
David Mulder
42517d576a samba-tool: Subclass GPOCommand for calling samdb_connect 
These sub commands will need to call samdb_connect in an upcoming
commit. Subclass from GPOCommand to make this possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15327

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-03-09 18:10:33 +00:00
David Mulder
8e830d7608 samba-tool: Clarify cse register command file dest 
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-03 01:07:37 +00:00
Joseph Sutton
1312b2d169 samba-tool: Don't use invalid escape sequences 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-03-03 01:07:36 +00:00
Rob van der Linde
5cb8805811 python: fix mutable default arguments 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 23 23:33:46 UTC 2023 on atb-devel-224
 2023-02-23 23:33:46 +00:00
David Mulder
3eee4415bc gp: samba-tool gpo cse register/unregister/list 
Add samba-tool commands for managing registration
of Client Side Extensions.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-02-03 02:27:32 +00:00
David Mulder
a15208f60b samba-tool: Use ntstatus constants in gpo commands 
Replace all the hard coded instances of ntstatus
codes in the samba-tool gpo commands with
constants from samba.ntstatus.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-01-30 09:00:39 +00:00
David Mulder
3b0d78a3fd samba-tool: gpo show/load handle utf-16-le strings 
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
David Mulder
e603270360 samba-tool: gpo load provide option for replace vs merge 
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
David Mulder
e7737d6bb2 samba-tool: gpo load add Registry ext by default 
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
David Mulder
a345214712 samba-tool: gpo load extension names 
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
David Mulder
00e40f9f92 samba-tool: gpo load/remove increment GPT.INI 
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
David Mulder
ea619d704e samba-tool: gpo load/remove bytes 
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
David Mulder
ee37e3cd32 samba-tool: gpo load/remove commands 
These commands allow the setting of various group
policies on the sysvol.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
David Mulder
a0f8d7ca05 samba-tool: Move smb_connection to a common file 
This is in preparation for needing it here later.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-01-30 09:00:39 +00:00
David Mulder
d6194600c1 samba-tool: Move create_directory_hier to a common file 
This is in preparation for needing it here later.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-01-30 09:00:39 +00:00
David Mulder
e40faf7a75 samba-tool: gpo show command list policies 
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested-by: Kees van Vloten <keesvanvloten@gmail.com>
 2023-01-30 09:00:39 +00:00
Björn Baumbach
5a017b113e samba-tool domain: fix a typo in samba-tool passwordsettings option description 
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
 2023-01-17 17:21:38 +00:00
Stefan Metzmacher
d1999c152a CVE-2022-37966 samba-tool: add 'domain trust modify' command 
For now it only allows the admin to modify
the msDS-SupportedEncryptionTypes values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2022-12-13 13:07:30 +00:00
Joseph Sutton
086646865e CVE-2022-37966 samba-tool: Declare explicitly RC4 support of trust objects 
As we will assume, as part of the fixes for CVE-2022-37966, that trust
objects with no msDS-SupportedEncryptionTypes attribute support AES
keys, RC4 support must now be explicitly indicated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2022-12-13 13:07:29 +00:00
Joseph Sutton
6b155b22e6 CVE-2022-37966 samba-tool: Fix 'domain trust create' documentation 
This option does the opposite of what the documentation claims.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2022-12-13 13:07:29 +00:00
David Mulder
ca5f8072a4 gp: PAM Access should implicitly deny ALL w/ allow 
If an allow entry is specified, the PAM Access
CSE should implicitly deny ALL (everyone other
than the explicit allow entries).

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2022-11-21 21:01:31 +00:00
David Mulder
9f6cf276e2 gp: samba-tool manage gpo access add don't fail w/out upn 
The search response for the user could possibly
not include a upn (this happens with Administrator
for example).

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2022-11-21 21:01:31 +00:00
David Mulder
8d0d79ba3b gp: Make samba-tool gpo manage sudoers remove backward compatible 
Ensure `samba-tool gpo manage sudoers remove` is
backward compatible with the GPME sudo rules.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2022-11-21 21:01:30 +00:00
David Mulder
cc0c784d3a gp: Make samba-tool gpo manage sudoers list backward compatible 
Ensure `samba-tool gpo manage sudoers list` is
backward compatible with the GPME sudo rules.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2022-11-21 21:01:30 +00:00